Re: samba2 on pogoplug not accessible from mac

Message 1 of 24, Jan 3, 2013

Thanks, oddballhero. After looking around a bit... Looks like MacOS X 10.8 has little if any support for earlier versions of Samba. Apparently I upgraded both my servers and my Macs right past a whole load of trouble in this area so the only advice I can give is to upgrade Samba or use NFS as an alternative.

Message 5 of 24, Jan 4, 2013

I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).

Message 6 of 24, Jan 4, 2013

> On 01/04/2013 08:28 PM, oddballhero wrote:
>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
>
> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
>
>> I've been running 3.6 for some time.
>
> FYI: https://www.samba.org/samba/security/CVE-2012-1182
>
> The version I see in Optware, is 3.2.15-5, which would also be
> vulnerable to the above exploit.
>
> - Ron
>

Hello!
Ron nice to see you here. What is the exploit? For those of us who do
not follow those please summarize.

Message 8 of 24, Jan 4, 2013

On 01/04/2013 10:21 PM, Gregg Levine wrote:

> On Fri, Jan 4, 2013 at 8:43 PM, Ron Guerin<ron@...> wrote:
>> On 01/04/2013 08:28 PM, oddballhero wrote:
>>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
>>
>> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
>>
>>> I've been running 3.6 for some time.
>>
>> FYI: https://www.samba.org/samba/security/CVE-2012-1182
>>
>> The version I see in Optware, is 3.2.15-5, which would also be
>> vulnerable to the above exploit.
>>
>> - Ron
>>
>
> Hello!
> Ron nice to see you here.

I bought an ASUS RT-N16 last year. The discovery of Optware has led to
a device I continue to find new uses for.

> What is the exploit? For those of us who do not follow those please
> summarize.

I don't follow these either. I went to look up the year Samba3 was
released and found the security warning on the Wikipedia page. The
entire description is summary length, so I'll post it here.

===========
Description
===========

Samba versions 3.6.3 and all versions previous to this are affected by
a vulnerability that allows remote code execution as the "root" user
from an anonymous connection.

The code generator for Samba's remote procedure call (RPC) code
contained an error which caused it to generate code containing a
security flaw. This generated code is used in the parts of Samba that
control marshalling and unmarshalling of RPC calls over the network.

The flaw caused checks on the variable containing the length of an
allocated array to be done independently from the checks on the
variable used to allocate the memory for that array. As both these
variables are controlled by the connecting client it makes it possible
for a specially crafted RPC call to cause the server to execute
arbitrary code.

As this does not require an authenticated connection it is the most
serious vulnerability possible in a program, and users and vendors are
encouraged to patch their Samba installations immediately.

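The flaw class the advisory describes, as an added example (not from the thread and not Samba's code): a toy decoder where the allocation count and the array length are both client-controlled, with validation that checks them independently shown beside a decoder that cross-checks them. The wire format, `independent_checks_accept`, `unmarshal_checked` and the sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_ELEMS 1024u

/* Toy wire format (constructed for illustration, not Samba's NDR):
 *   u32 alloc_count | u32 array_len | array_len * u32 elements
 * Both header fields are supplied by the client. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed validation: each field is checked alone, never against the other,
 * so a decoder relying on it copies array_len items into alloc_count slots. */
int independent_checks_accept(const uint8_t *msg, size_t n) {
    if (n < 8) return 0;
    uint32_t alloc_count = rd32(msg), array_len = rd32(msg + 4);
    if (alloc_count == 0 || alloc_count > MAX_ELEMS) return 0;
    if (array_len > (n - 8) / 4) return 0;   /* elements are present */
    return 1;             /* array_len > alloc_count is never caught */
}

/* Hardened decoder: the copy length is tied to the allocation size before
 * any memory is written. Returns the element count, or -1 on rejection. */
int unmarshal_checked(const uint8_t *msg, size_t n, uint32_t **out) {
    if (n < 8) return -1;
    uint32_t alloc_count = rd32(msg), array_len = rd32(msg + 4);
    if (alloc_count == 0 || alloc_count > MAX_ELEMS) return -1;
    if (array_len > alloc_count) return -1;  /* the missing cross-check */
    if (array_len > (n - 8) / 4) return -1;
    uint32_t *buf = calloc(alloc_count, sizeof *buf);
    if (!buf) return -1;
    for (uint32_t i = 0; i < array_len; i++)
        buf[i] = rd32(msg + 8 + 4 * (size_t)i);
    *out = buf;
    return (int)array_len;
}

/* Constructed samples: MISMATCHED claims room for 1 element, carries 4. */
const uint8_t MISMATCHED[24] = {1,0,0,0, 4,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 4,0,0,0};
const uint8_t CONSISTENT[16] = {2,0,0,0, 2,0,0,0, 7,0,0,0, 9,0,0,0};

int main(void) {
    uint32_t *a = NULL;
    printf("%d %d\n", independent_checks_accept(MISMATCHED, 24),
           unmarshal_checked(MISMATCHED, 24, &a));   /* prints "1 -1" */
    return 0;
}
```

The flawed function only models the validation step and never performs the oversized copy, so the program is safe to run.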

Message 10 of 24, Jan 4, 2013

On 01/05/2013 01:04 AM, oddballhero wrote:

>
>
> --- In nslu2-general@yahoogroups.com, Ron Guerin wrote:
>>
>> On 01/04/2013 08:28 PM, oddballhero wrote:
>>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
>>
>> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
>
> Will the wonders of Wikipedia ever cease.

It's good for things like "What year did XYZ come out?", especially for
something as old as Samba3. I actually thought it was a little older,
but I'm probably thinking of the pre-stable releases (I've been using
Samba for a long time). For anyone curious about Samba4, there's an
Active Directory service in there now. I'm guessing that running all
that might be asking a bit much for an Optware device.